CVE-2009-1505

Name of the Vulnerable Software and Affected Versions: Drupal News Page module version 5.x before 5.x-1.2

Description: The issue allows remote authenticated users with News Page nodes create and edit privileges to execute arbitrary SQL commands. This is achieved via the Include Words field, also known as keywords.

Recommendations: For versions prior to 5.x-1.2, update to version 5.x-1.2 or later to resolve the issue.